On Tue, Jul 30, 2002 at 02:05:41PM +0200, Michael Bell wrote:
> Cedric Tabary schrieb:
> >
> > I installed openca RC2 & openssl 0.9.7-beta2
> >
> > When I click "Approve and sign request" in the RA I get the following
> > error (netscape 4.79):
> >
> > Error 6206
> > General Error. Cannot build PKCS#7-object from extracted signature!
> > OpenCA::X509 returns errorcode ()..
> >
> > in apache log :
> > Signature OK
> > General Error Trapped 6206: Cannot build PKCS#7-object from extracted
> > signature!
> > OpenCA::X509 returns errorcode (). at
> > /usr/local/OpenCA/lib/functions/misc-utils.lib line 38.
> > Compilation failed in require at /usr/local/apache/cgi-bin/ra/RAServer
> > line 213.
>
> There is a bug in the errorreporting code of crypo-utils.lib. I fixed
> and attached it. You can find it in OPENCADIR/lib/functions/
>
> Please try again and send me the output.
Now I get :
Signature OK
General Error Trapped 6206: Cannot build PKCS#7-object from extracted
signature!
OpenCA::PKCS7 returns errorcode 7911031 (OpenCA::PKCS7->new: Cannot
initialize signature (7912021)
OpenCA::PKCS7->initSignature: Cannot parse signature (7921021)
OpenCA::PKCS7->getParsed: The crypto-backend cannot verify the signature
(7742073)
OpenCA::OpenSSL->verify: openca-verify failed (35584):
.). at /usr/local/OpenCA/lib/functions/misc-utils.lib line 38.
Compilation failed in require at /usr/local/apache/cgi-bin/ra/RAServer
line 213.
>
> > Then ...
> > I tried to issue directly the certificate from the CA in the Pending
> > Requests (I installed the RA and CA on the same PC for testing)
> > It seems to be ok : Certificate issued and Certificate Request archived
> > (Except for some "unable to write 'random state'" in the logs.)
> >
> > But no mail is sent and I can't get the issued cert from the
> > /pub/getcert.html
>
> This sounds like a wrong installation. Can you see the certificate on
> the CA and the RA? The mails must be send by hand (online --> Email new
> users).
I can see the certificate requests from the CA and the RA
in Information -> Requests
I issued the cert from the CA directly (no approval from the RA), sent
the mail by hand in the online section and managed to get it from the
pub section :-)
I found the serial by hand because I don't know how to read the smime.p7m
attached to the mail (using mutt).
--
C�dric Tabary - EFREI - Promo 2003 +] Un OS pour les gouverner tous,
[EMAIL PROTECTED] [+ Un OS pour les trouver,
http://perso.efrei.fr/~tabary/ +] Un OS pour les amener tous
Equipe Syst�me Unix, Efrei Linux, Club-Rezo [+ Et dans les t�n�bres les lier..
-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code1
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
